1cdb33127efbad3a9b4eb942a724055ce721b91c0250ade2efca3834bb73e8a5

Analysis

max time kernel
129s
max time network
137s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
16/08/2023, 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cdb33127efbad3a9b4eb942a724055ce721b91c0250ade2efca3834bb73e8a5.exe
Size

1.9MB
MD5

d9fbbd4c13de106c090d80debe4f8a46
SHA1

95c5b10efb62f86ce8796231428817767da32e4a
SHA256

1cdb33127efbad3a9b4eb942a724055ce721b91c0250ade2efca3834bb73e8a5
SHA512

f34b6fe9c31addd5fff4971331c9efc702970cf48abd47a29e4c1789f5cb7a1507f50a22e9bc86d5aaf5b8e84a01a5eeec6719162202c98caa2c0968a3d15840
SSDEEP

49152:acbz6pPs2fd5NdhOd0kLfkGGT+Zs8dgyvkIrcPJSTJ:acbSrDrho0kwqa8mMDJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4744	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 4744	2832	1cdb33127efbad3a9b4eb942a724055ce721b91c0250ade2efca3834bb73e8a5.exe	70
PID 2832 wrote to memory of 4744	2832	1cdb33127efbad3a9b4eb942a724055ce721b91c0250ade2efca3834bb73e8a5.exe	70
PID 2832 wrote to memory of 4744	2832	1cdb33127efbad3a9b4eb942a724055ce721b91c0250ade2efca3834bb73e8a5.exe	70

C:\Users\Admin\AppData\Local\Temp\1cdb33127efbad3a9b4eb942a724055ce721b91c0250ade2efca3834bb73e8a5.exe
"C:\Users\Admin\AppData\Local\Temp\1cdb33127efbad3a9b4eb942a724055ce721b91c0250ade2efca3834bb73e8a5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" .\1Nqp1np.69 /U /S
  2⤵
  - Loads dropped DLL
  PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1Nqp1np.69

Filesize
1.7MB

MD5
64b43e7d7399094b22a8a1a918b8185a

SHA1
614d9a0dcd8a6e9914718ae471d5045e49ab406e

SHA256
aff941bca57e497dbf49f0e3cba31f5ab2614032794f44dab5ebf126f2ec5009

SHA512
0330ad9211f5c687608715dad3764115ea2666e049e1301a42e07dbe492d59b4ada057f0af124e80cfca819a7f032663e59fab62065c77bdbbb48ff62bc7fa8a

Download Submit
\Users\Admin\AppData\Local\Temp\1nqp1np.69

Filesize
1.7MB

MD5
64b43e7d7399094b22a8a1a918b8185a

SHA1
614d9a0dcd8a6e9914718ae471d5045e49ab406e

SHA256
aff941bca57e497dbf49f0e3cba31f5ab2614032794f44dab5ebf126f2ec5009

SHA512
0330ad9211f5c687608715dad3764115ea2666e049e1301a42e07dbe492d59b4ada057f0af124e80cfca819a7f032663e59fab62065c77bdbbb48ff62bc7fa8a

Download Submit
memory/4744-123-0x0000000002F10000-0x0000000002F16000-memory.dmp

Filesize
24KB

Download
memory/4744-124-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/4744-127-0x0000000004D80000-0x0000000004E81000-memory.dmp

Filesize
1.0MB

Download
memory/4744-128-0x0000000004E90000-0x0000000004F7B000-memory.dmp

Filesize
940KB

Download
memory/4744-131-0x0000000004E90000-0x0000000004F7B000-memory.dmp

Filesize
940KB

Download
memory/4744-132-0x0000000004E90000-0x0000000004F7B000-memory.dmp

Filesize
940KB

Download